Issue BIND on Debian 13 / 18.0.74 problems with DNSSEC??

[superfun2k23]

Server operating system version

Debian 13

Plesk version and microupdate number

18.0.74 #1

Hi, I have DNSSEC problems with Debian 13.

Already the problems started with upgrading 12.12 to 18.0.74 manual, but then support told me, manual upgrading is not supported, so I installed fresh Debian 13 and it still not works.

Every Domain with activated DNSSEC gets errors and keeps bind from starting..
It states that no matching dnssec-policy ist found for the domain used..
The problems started with upgrading to debian 18.0.74 and Debian 13, so it seems to be related to bind9 version used in Debian 13/Plesk 18.0.74, because in 73/deb12 IT used old auto-dnssec and moved now to new dnssec-policy and yet this ist not working..

Deleting named.conf ist a workaround, bit the file gets recreated by plesk, so bind stops working from time to time.

So maybe someone from support can look at this Situation?

My license isnfrom reseller, so any contact to support would take Long time, since my reseller first have to check and verify.. I hope to get a solution here fast

 

[superfun2k23]

for anyone else getting problems with new bind on 18.0.74 Here is the solution:

Disable DNSSEC for all domains

1. plesk installer remove --components bind
2. apt purge bind9 bind9-utils bind9-host bind9-libs
3. apt autoremove
4. rm -rf /var/lib/bind
5. rm -rf /var/cache/bind
6. rm -rf /etc/systemd/system/named.service.d/
7. rm -rf /etc/systemd/system/bind9.service.d/
8. plesk installer add --components bind
9. plesk repair dns -y

Than re-enable DNSSEC for all domains with new keys and publish them

 

[superfun2k23]

OK, BIND on Plesk seems not compatible with new dnssec-policy's.. yesterday it was working, today named.conf ist malformed again..

Now I fixed the file manuelly and created a copy, then I created an event, that on dns-changes the copy overwrites the one from plesk.

 

[scsa20]

Considering how new Debian 13 is I have no doubt that there will be problems that will happen outside of Plesk's testing since each environment is different, and why I usually wait a year or 2 until after a major release of an OS to ensure all bugs are iron out. Since it seems like you've done quite a bit of troubleshooting already with your setup, you might get better luck opening a ticket directly with Plesk by referring to https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk (you could usually get a 30 day trail for their support service) so they can jump in with you to review everything and see what's up and is probably faster then your reseller.

I don't have an extra domain nor a Debian 13 setup myself to test to see if it's a global issue of if there's like a specific thing and as far as I'm aware you're the only one currently using Plesk on Debian 13 thus the suggestion to open a ticket directly. You can also make a make a bug report over at Reports forums with all the steps you've done so @Sebahat.hadzhi can see if she can replicate the issue and forward directly to the devs as well if she is able to replicate.